Hello everybody,
We are running into a limitation using the Federation Module (ISAM 9.0.5 IF1) for customizing user error pages after a failed authentication.
We are using federation as a SP linked to LuxTrust IDP. We have identified at least 2 particular use cases where we are unable to have a user-friendly error page:
- When the user takes too long to finish the authentication on the IDP
- When the user cancels the authentication on the IDP side
In both of these cases, the IDP sends us back a SAML response notifying that the authentication failed, with a precise reason inside (e.g. "user manually canceled").
We already customized the default federation error page templates so we have something a bit more user-friendly, but for these two cases (and other errors) we have no way of displaying anything other than "An error has occurred during the authentication".
We would love to have a way to get some sort of access to the attributes of the SAML response received by the federation module when we are in the error template page (via macros or via some sort of server-side scripting?), so we could handle the error in a much friendlier way (for example, displaying "The authentication process took too long, please start again" or, in the case where the user canceled, automatically starting the authentication process again).
Is there any known way to achieve this?
Thanks for any tip that could help us improve the error handling of failed authentications.
------------------------------
André Leruitte
------------------------------